AWS IP address ranges

Amazon Web Services (AWS) publishes its current IP address ranges in JSON format.
To view the current ranges, download the .json file. To maintain history, save
successive versions of the .json file on your system. To determine whether there
have been changes since the last time that you saved the file, check the
publication time in the current file and compare it to the publication time in the
last file that you saved.

ip_prefix

The public IPv4 address range, in CIDR notation. Note that AWS may
advertise a prefix in more specific ranges. For example, prefix
96.127.0.0/17 in the file may be advertised as 96.127.0.0/21, 96.127.8.0/21,
96.127.32.0/19, and 96.127.64.0/18.

Type: String

Example: "ip_prefix": "198.51.100.2/24"

ipv6_prefix

The public IPv6 address range, in CIDR notation. Note that AWS may
advertise a prefix in more specific ranges.

Type: String

Example: "ipv6_prefix": "2001:db8:1234::/64"

network_border_group

The name of the network border group, which is a unique set of Availability
Zones or Local Zones from where AWS advertises IP addresses.

Type: String

Example: "network_border_group": "us-west-2-lax-1"

region

The AWS Region or GLOBAL for edge locations. The CLOUDFRONT and ROUTE53 ranges
are GLOBAL.

The subset of IP address ranges. The addresses listed for API_GATEWAY are egress
only. Specify AMAZON to get all IP address ranges (meaning that every subset is
also in the AMAZON subset). However, some IP address ranges are only in the AMAZON
subset (meaning that they are not also available in another subset).

Implementing egress control

To allow an instance to access only AWS services, create a security group with rules
that allow outbound traffic to the CIDR blocks in the AMAZON list, minus
the CIDR blocks that are also in the EC2 list. IP addresses in the
EC2 list can be assigned to EC2 instances.
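
As an added example (not AWS's script and not code from this page), the following Python computes the AMAZON-minus-EC2 list by address space rather than by exact CIDR equality, a generalization that also covers an EC2 block nested inside a larger AMAZON block. The sample data is constructed from documentation ranges, and the `prefixes` and `service` key names are those of the published file rather than names given in the text above.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json (documentation-range
# addresses, not real AWS data). "prefixes" and "service" are the key names
# used by the published file.
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.2/24", "region": "us-west-2", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/25", "region": "us-west-2", "service": "EC2"},
  {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",  "region": "GLOBAL",    "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/24",  "region": "GLOBAL",    "service": "CLOUDFRONT"}
]}
""")

def networks(doc, service):
    """Parse one service's IPv4 prefixes; strict=False accepts host bits set."""
    return [ipaddress.ip_network(p["ip_prefix"], strict=False)
            for p in doc["prefixes"] if p["service"] == service]

def exact_match_difference(doc):
    """AMAZON minus EC2, comparing normalized CIDR blocks for equality only."""
    ec2 = set(networks(doc, "EC2"))
    return [str(n) for n in sorted(set(networks(doc, "AMAZON")) - ec2)]

def amazon_minus_ec2(doc):
    """AMAZON minus EC2 by address space, carving out nested EC2 blocks."""
    ec2 = list(ipaddress.collapse_addresses(networks(doc, "EC2")))
    allowed = []
    for net in ipaddress.collapse_addresses(networks(doc, "AMAZON")):
        pieces = [net]
        for block in ec2:
            remaining = []
            for piece in pieces:
                if block.subnet_of(piece):        # EC2 block inside: carve it out
                    remaining.extend(piece.address_exclude(block))
                elif not piece.subnet_of(block):  # disjoint: keep unchanged
                    remaining.append(piece)
                # otherwise the piece lies inside an EC2 block: drop it
            pieces = remaining
        allowed.extend(pieces)
    return [str(n) for n in sorted(allowed)]

if __name__ == "__main__":
    print("exact match:", exact_match_difference(SAMPLE))
    print("CIDR-aware: ", amazon_minus_ec2(SAMPLE))
```

On the constructed sample, the equality-only difference still returns a /24 that contains an EC2 /25, while the CIDR-aware version returns only address space that no EC2 entry covers.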

Windows PowerShell

The following PowerShell example shows you how to get the IP addresses that are in
the AMAZON list but not the EC2 list. Copy the script and
save it in a file named Select_address.ps1.

You'll be contacted on the endpoint that you specified and asked to confirm
your subscription. For example, if you specified an email address, you'll
receive an email message with the subject line AWS Notification -
Subscription Confirmation. Follow the directions to confirm your
subscription.

Notifications are subject to the availability of the endpoint. Therefore, you might
want to check the JSON file periodically to ensure that you've got the latest ranges.
For more information about Amazon SNS reliability, see https://aws.amazon.com/sns/faqs/#Reliability.

If you no longer want to receive these notifications, use the following procedure
to unsubscribe.